--- /dev/null
+diff -ru ../kstart-3.10/krenew.c ./krenew.c
+--- ../kstart-3.10/krenew.c 2007-03-03 20:42:26.000000000 -0800
++++ ./krenew.c 2007-11-11 18:20:25.000000000 -0800
+@@ -33,6 +33,7 @@
+ Usage: krenew [options] [command]\n\
+ -b Fork and run in the background\n\
+ -h Display this usage message and exit\n\
++ -H <min> Only renew tickets if we don't have a happy ticket\n\
+ -K <interval> Run as daemon, renew ticket every <interval> minutes\n\
+ (implies -q unless -v is given)\n\
+ -k <file> Use <file> as the ticket cache\n\
+@@ -53,7 +54,7 @@
+ {
+ va_list args;
+
+- fprintf(stderr, "k5start: ");
++ fprintf(stderr, "krenew: ");
+ va_start(args, format);
+ vfprintf(stderr, format, args);
+ va_end(args);
+@@ -165,7 +166,8 @@
+ ** Renew the user's tickets, exiting with an error if this isn't possible.
+ */
+ static void
+-renew(krb5_context ctx, krb5_ccache cache, int verbose)
++renew(krb5_context ctx, krb5_ccache cache, int verbose, int do_aklog,
++ const char *aklog, int happy_interval)
+ {
+ int status;
+ krb5_principal user;
+@@ -175,6 +177,37 @@
+ krb5_creds in, *old = NULL;
+ #endif
+
++ if( happy_interval > 0 )
++ {
++ krb5_cc_cursor cursor;
++
++ status = krb5_cc_start_seq_get( ctx, cache, &cursor );
++ if( status != 0 )
++ krb5_err( ctx, 1, status, "krenew: error reading cache" );
++ status = krb5_cc_next_cred( ctx, cache, &cursor, &creds);
++ if( status != 0 )
++ krb5_err( ctx, 1, status, "krenew: error reading cache" );
++ status = krb5_cc_end_seq_get( ctx, cache, &cursor );
++ if( status != 0 )
++ krb5_err( ctx, 1, status, "krenew: error reading cache" );
++
++ if( time(NULL) + happy_interval * 60 < creds.times.endtime )
++ {
++ if( verbose )
++ fputs( "krenew: Happy ticket. Not renewing credentials\n",
++ stderr );
++ return;
++ }
++
++ if( time(NULL) + happy_interval * 60 >= creds.times.renew_till )
++ {
++ if( verbose )
++ fputs( "krenew: Renewing ticket will not make it happy\n",
++ stderr );
++ exit(1);
++ }
++ }
++
+ memset(&creds, 0, sizeof(creds));
+ status = krb5_cc_get_principal(ctx, cache, &user);
+ if (status != 0)
+@@ -186,10 +219,12 @@
+ if (status != 0)
+ krb5_warn(ctx, status, "krenew: error unparsing name");
+ else {
+- printf("kstart: renewing credentials for %s\n", name);
++ printf("krenew: renewing credentials for %s\n", name);
+ free(name);
+ }
+ }
++
++
+ #ifdef HAVE_KRB5_GET_RENEWED_CREDS
+ status = krb5_get_renewed_creds(ctx, &creds, user, cache, NULL);
+ out = &creds;
+@@ -228,6 +263,10 @@
+ if (out != NULL)
+ krb5_free_creds(ctx, out);
+ #endif
++
++ /* If requested, run the aklog program. */
++ if (do_aklog)
++ run_aklog(aklog, verbose);
+ }
+
+
+@@ -241,6 +280,7 @@
+ int background = 0;
+ int keep_ticket = 0;
+ int do_aklog = 0;
++ int happy_interval = 0;
+ int verbose = 0;
+ const char *aklog = NULL;
+ krb5_context ctx;
+@@ -249,7 +289,7 @@
+ pid_t child = 0;
+
+ /* Parse command-line options. */
+- while ((option = getopt(argc, argv, "bhK:k:p:qtv")) != EOF)
++ while ((option = getopt(argc, argv, "bhH:K:k:p:qtv")) != EOF)
+ switch (option) {
+ case 'b': background = 1; break;
+ case 'h': usage(0); break;
+@@ -257,6 +297,12 @@
+ case 't': do_aklog = 1; break;
+ case 'v': verbose = 1; break;
+
++ case 'H':
++ happy_interval = atoi(optarg);
++ if( happy_interval <= 0 )
++ die("Happy interval must be a positive integer");
++ break;
++
+ case 'K':
+ keep_ticket = atoi(optarg);
+ if (keep_ticket <= 0)
+@@ -283,6 +329,8 @@
+ /* Check the arguments for consistency. */
+ if (background && keep_ticket == 0 && command == NULL)
+ die("-b only makes sense with -K or a command to run");
++ if (happy_interval > 0 && (background || keep_ticket || command))
++ die("-H should only be used for one time renuals");
+
+ /* Set aklog from KINIT_PROG or the compiled-in default. */
+ aklog = getenv("KINIT_PROG");
+@@ -321,13 +369,11 @@
+ }
+ }
+
+- /* Now, do the initial ticket renewal even if it's not necessary so that
+- we can catch any problems. */
+- renew(ctx, cache, verbose);
++ /* Now, do the initial ticket renewal, if we don't have a happy ticket. If
++ the happy interval was not specified, then do it anyway, if it's not
++ necessary so that we can catch any problems. */
++ renew(ctx, cache, verbose, do_aklog, aklog, happy_interval);
+
+- /* If requested, run the aklog program. */
+- if (do_aklog)
+- run_aklog(aklog, verbose);
+
+ /* If told to background, background ourselves. We do this late so that
+ we can report initial errors. We have to do this before spawning the
+@@ -373,11 +419,8 @@
+ timeout.tv_sec = keep_ticket * 60;
+ timeout.tv_usec = 0;
+ select(0, NULL, NULL, NULL, &timeout);
+- if (ticket_expired(ctx, cache, keep_ticket)) {
+- renew(ctx, cache, verbose);
+- if (do_aklog)
+- run_aklog(aklog, verbose);
+- }
++ if (ticket_expired(ctx, cache, keep_ticket))
++ renew(ctx, cache, verbose, do_aklog, aklog, 0);
+ }
+ }
+
+diff -ru ../kstart-3.10/krenew.pod ./krenew.pod
+--- ../kstart-3.10/krenew.pod 2006-06-23 19:39:40.000000000 -0700
++++ ./krenew.pod 2007-11-11 18:15:31.000000000 -0800
+@@ -71,6 +71,12 @@
+
+ Display a usage message and exit.
+
++=item B<-H> I<minutes>
++
++Only renew the ticket if it can be renewed, and and has fewer than I<minutes>
++to expiry. Exits with status 0 if ticket is happy, or was successfully renewed
++to a happy ticket. Exits with status 1 otherwise.
++
+ =item B<-K> I<minutes>
+
+ Run in daemon mode to keep a ticket alive indefinitely. The program
projects / ~andy / sunrise / commitdiff